Ticket #344 (closed Enhancement: fixed)
Store ACLs outside the graph
Reported by: | jri | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.1 |
Component: | DeepaMehta Standard Distribution | Version: | 4.0.12 |
Keywords: | | Cc: | dgf, Malte |
Complexity: | 8 | Area: | |
Module: | deepamehta-accesscontrol |
Description
... that is, not as topics themselves but as properties of Neo4j nodes.
Representing ACLs as topic trees has proven not as efficient.
Change History
comment:2 Changed 12 years ago by Jörg Richter
Access Control: read ACLs in new format (#344).
Core Service:
- getTopicACL() is new method
- getAssociationACL() is new method
Not yet functional.
Do not install the "revise-acl" branch.
See ticket 344.
comment:3 Changed 12 years ago by Jörg Richter
Access Control: generalize API (#344).
"DeepaMehta Object" instead of separate methods for topics and associations.
Not yet functional.
Do not install the "revise-acl" branch.
See ticket 344.
comment:4 Changed 12 years ago by Jörg Richter
Access Control: creator/owner storage (#344,#299).
An object's creator and owner are stored outside the graph.
Core Service API:
- String getCreator(long objectId) is new method
- void setCreator(long objectId, String username) is new method
- String getOwner(long objectId) is new method
- void setOwner(long objectId, String username) is new method
Access Control API:
- login() returns void (a Username topic formerly)
- getUsername() returns the username, a string (a Username topic formerly)
- String getCreator(long objectId) replaces Topic getCreator(DeepaMehtaObject object)
- setCreator(long objectId, String username) replaces setCreator(DeepaMehtaObject object, long usernameId)
- String getOwner(long objectId) replaces Topic getOwner(DeepaMehtaObject object)
- setOwner(long objectId, String username) replaces setOwner(DeepaMehtaObject object, long usernameId)
- joinWorkspace(String username, long workspaceId) replaces joinWorkspace(long usernameId, long workspaceId)
Revised access control storage is functional for the first time.
You must reset the database.
Core fix (#299):
Redeploying the Core while a user is logged in.
The session stores a plain (username) string instead of a topic.
See ticket 344.
Close ticket 299.
comment:5 Changed 12 years ago by Jörg Richter
Access Control: remove topic types (#344).
Topic types removed from the Access Control data model:
- "Operation" (dm4.accesscontrol.operation)
- "Allowed" (dm4.accesscontrol.allowed)
- "Permission" (dm4.accesscontrol.permission)
- "User Role" (dm4.accesscontrol.user_role)
- "ACL Entry" (dm4.accesscontrol.acl_entry)
- "Access Control List Facet" (dm4.accesscontrol.acl_facet)
- "Creator" (dm4.accesscontrol.creator)
- "Creator Facet" (dm4.accesscontrol.creator_facet)
- "Owner" (dm4.accesscontrol.owner)
- "Owner Facet" (dm4.accesscontrol.owner_facet)
COMPATIBILITY NOTE:
To production installations a migration must be applied that transforms existing access control information to the new format.
Furthermore:
- Besides the Creator the Owner is set for every object.
- The Facets service is no longer consumed by the Access Control plugin.
See ticket 344.
comment:6 Changed 12 years ago by Jörg Richter
Access Control: read ACLs in new format (#344).
Core Service:
- getTopicACL() is new method
- getAssociationACL() is new method
Not yet functional.
Do not install the "revise-acl" branch.
See ticket 344.
comment:7 Changed 12 years ago by Jörg Richter
Access Control: generalize API (#344).
"DeepaMehta Object" instead of separate methods for topics and associations.
Not yet functional.
Do not install the "revise-acl" branch.
See ticket 344.
comment:8 Changed 12 years ago by Jörg Richter
Access Control: creator/owner storage (#344,#299).
An object's creator and owner are stored outside the graph.
Core Service API:
- String getCreator(long objectId) is new method
- void setCreator(long objectId, String username) is new method
- String getOwner(long objectId) is new method
- void setOwner(long objectId, String username) is new method
Access Control API:
- login() returns void (a Username topic formerly)
- getUsername() returns the username, a string (a Username topic formerly)
- String getCreator(long objectId) replaces Topic getCreator(DeepaMehtaObject object)
- setCreator(long objectId, String username) replaces setCreator(DeepaMehtaObject object, long usernameId)
- String getOwner(long objectId) replaces Topic getOwner(DeepaMehtaObject object)
- setOwner(long objectId, String username) replaces setOwner(DeepaMehtaObject object, long usernameId)
- joinWorkspace(String username, long workspaceId) replaces joinWorkspace(long usernameId, long workspaceId)
Revised access control storage is functional for the first time.
You must reset the database.
Core fix (#299):
Redeploying the Core while a user is logged in.
The session stores a plain (username) string instead of a topic.
See ticket 344.
Close ticket 299.
comment:9 Changed 12 years ago by Jörg Richter
Access Control: remove topic types (#344).
Topic types removed from the Access Control data model:
- "Operation" (dm4.accesscontrol.operation)
- "Allowed" (dm4.accesscontrol.allowed)
- "Permission" (dm4.accesscontrol.permission)
- "User Role" (dm4.accesscontrol.user_role)
- "ACL Entry" (dm4.accesscontrol.acl_entry)
- "Access Control List Facet" (dm4.accesscontrol.acl_facet)
- "Creator" (dm4.accesscontrol.creator)
- "Creator Facet" (dm4.accesscontrol.creator_facet)
- "Owner" (dm4.accesscontrol.owner)
- "Owner Facet" (dm4.accesscontrol.owner_facet)
COMPATIBILITY NOTE:
To production installations a migration must be applied that transforms existing access control information to the new format.
Furthermore:
- Besides the Creator the Owner is set for every object.
- The Facets service is no longer consumed by the Access Control plugin.
See ticket 344.
Access Control: store ACLs outside graph (#344).
Core Service:
de.deepamehta.core.service.accesscontrol is new package
Not yet functional.
Do not install the "revise-acl" branch.
See ticket 344.
Changeset: bb444d26115fdc8e44c0a4049990c191e1344478